CVE-2024-53617 PoC — LibrePhotos Security Vulnerability

Source
Associated Vulnerability
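Title: LibrePhotos Security Vulnerability (CVE-2024-53617)
Description: LibrePhotos is a self-hosted open-source photo management service from the LibrePhotos project. LibrePhotos has a security vulnerability that stems from its susceptibility to cross-site scripting: an attacker can use an IDOR in file upload to upload an HTML file on behalf of the admin user and take over any account.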
Readme
# CVE-2024-53617: Stored XSS in LibrePhotos before version 2024w47

LibrePhotos before version 2024w47 has a stored XSS (cross-site scripting) vulnerability that allows attackers to take over any account by uploading an HTML file on behalf of the admin user using an IDOR in file upload.

References:
- https://github.com/LibrePhotos/librephotos/pull/1476
- https://github.com/LibrePhotos/librephotos/commit/32237ddc0b6293a69b983a07b5ad462fcdd6c929
File Snapshot

[4.0K] /data/pocs/ab417eb201766e32a46d114a45c866134034c4e4
├── [  70] exploit.rwz
├── [1.2K] poc.py
└── [ 426] README.md

0 directories, 3 files